5 Replies Latest reply on Dec 2, 2011 12:13 PM by downloadadmin

    False Artemis!B2D10CE272A9

    downloadadmin

      Hello,

       

      As of at least 2011-11-28, McAfee 5.400.0.1158 and McAfee-GW-Edition 2010.1D are falsely flagging DownloadAdmin (e.g. vlcmediaplayer-setup.exe) as Artemis!B2D10CE272A9. DownloadAdmin is a TRUSTe Trusted Download – http://www.downloadadmin.com.

       

      Please let me know if I can provide any additional information, such as a sample EXE, to resolve this false positive.

       

      Thank you!

       

      -Brian,

      DownloadAdmin

        • 1. Re: False Artemis!B2D10CE272A9
          Nitin Kumar

          Hi,

           

          I am looking into this issue.

           

          Regards,

          Nitin

          • 2. Re: False Artemis!B2D10CE272A9
            Nitin Kumar

            Hi,

             

            This installer seems broken. The first window prompts the user to accept “something” – but it’s unclear what the user is accepting.

            The second window prompts the user to install the Ask.com toolbar, but the display is off; it was reproducible on different test machines. Looks like an unwanted program; Artemis detection seems to be accurate for this, as not much user information prompts.

             

            Regards,

            Nitin Kumar

            • 3. Re: False Artemis!B2D10CE272A9
              downloadadmin

              Hello Nitin,

               

              Thanks for your quick response! DownloadAdmin requires IE7 or higher, and an open HTTP port 80 connection to render its installer screens. I have attached screenshots of the installer screens you should have seen for vlcmediaplayer-setup.exe. Please note that all sponsor products (e.g. Ask, EpicPlay, and Shop To Win) are completely optional, requiring the user to explicitly opt-in by choosing the "ACCEPT" button for each product.

               

              I would appreciate it if you could verify the filename of the file in your system, and provide its MD5 hash if possible so I can identify it for troubleshooting on our side. I would also appreciate any suggestions for avoiding problems with Artemis' analysis engine in the future. For example, should we prevent the installer from running if we do not detect IE7 or higher on the user's system?

               

              Thank you!

               

              -Brian,

              DownloadAdmin

               

              DownloadAdmin01.png

              DownloadAdmin02.png

              DownloadAdmin03.png

              DownloadAdmin04.png

              DownloadAdmin05.png

              DownloadAdmin06.png

              • 4. Re: False Artemis!B2D10CE272A9
                Nitin Kumar

                Hi,

                 

                It works with IE7, but will not be able to remove detection since it is broken with other platforms.

                The MD5 of the executable which I tested is: b2d10ce272a9d4ad44178c788a2ab5a1. Please check the file with the correction made.

                 

                Regards,

                Nitin

                • 5. Re: False Artemis!B2D10CE272A9
                  downloadadmin

                  Hello Nitin,

                   

                  We are adding a web browser version check to prevent DownloadAdmin from running if the user does not have IE7 or higher. I should have an updated sample for you next week.

                   

                  Thank you!

                   

                  -Brian,

                  DownloadAdmin